Secure system for programming electronically controlled locking devices by means of encrypted acoustic accreditations

ABSTRACT

The invention relates to a system implementing a mobile telephone ( 20 ) to which a master user authorized to program a lock ( 22 ) has access. A remote management site ( 10 ) includes a database ( 12 ) of locks and authorized users, having, for each lock, a list of authorized users with corresponding access rights, as well as an accreditation data generator ( 14 ). The accreditations are encrypted acoustic accreditations in the form of single-use audio signals, suitable for programming locks indexed in the database by the access rights indexed in the database and/or by additional data. The system includes a means for securely transmitting the encrypted acoustic accreditations from the management site to the mobile telephone of the master user. The lock ( 22 ) includes an electro-acoustic transducer ( 54 ) that is suitable for picking up acoustic accreditations reproduced by the telephone placed beforehand near the lock, as well as a means for recognizing, analyzing and authenticating the picked-up acoustic accreditations, and for programming access rights and/or additional data upon recognizing a compliant accreditation.

This application is the U.S. national phase of International ApplicationNo. PCT/FR2010/051501 filed 16 Jul. 2010 which designated the U.S. andclaims priority to EP 09167248.5 filed 5 Aug. 2009, the entire contentsof each of which are hereby incorporated by reference.

The invention relates to the lock devices electrically controlled bymeans of a portable object acting as a key, such as a contactless cardor badge, or also a mobile phone equipped with means (of the inductive,radiofrequency, acoustic type . . . ) for the coupling to the lock.

As used herein, “lock device” means not only a lock strictly speaking,i.e. a mechanism applied for example on a door so as to prevent theopening thereof, but also any device making it possible to obtain acomparable result, for example a lock barrel considered solely, or amore specific locking device comprising various members not groupedtogether in a same lock case, the final purpose being to prevent,through mechanical means, the physical access to a given place or space,and to allow access to that place or space through unlocking of the lockdevice, upon a request from the user, after having checked that thisuser has actually the access rights (i) that are peculiar to him and(ii) that are peculiar to the lock device. The lock device may alsocomprise, or be associated with, an alarm system that must bedeactivated to allow access to a given space, or conversely, activatedto protect this space before or after having leaving it.

For the simplicity of the description, it will be hereinafter simplyreferred to a “lock”, but this term has to be understood in its widersense, without any limitation to a particular type of equipment.

The invention relates more precisely to the programming of those lockswith the “access rights” that correspond to them, i.e. the indication ofthe users that are authorized to open this or that lock, with for eachone a definition of the rights that are peculiar to him, wherein suchrights can be for example limited in time (lapsing of the access right),or limited to certain days of the week, or to certain time slots, etc.

In certain systems, each lock is connected to a network for acentralized management of the accesses and the rights checking. Suchsystems are well adapted to business or hotel environment, but far lessadapted to residential applications, or to the modernization ofpre-existing equipments in which it would be hardly conceivable tocreate a local network, with notably all the wiring difficulties thatwould involve.

The invention is more particularly, but not exclusively, aimed atanother type of equipment, in which the locks are self-standing devices,each of which internally memorize the access rights that are attachedthereto (authorized users and, for each one, potential accessrestrictions).

The programming of this type of lock involves the on-site interventionof an operator (hereinafter referred to as “master-user”) having adevice that can be coupled to the lock to write or to update the accessrights therein. The update may also relates to various other operatingparameters of the lock, such as date and time, identification data,calculation algorithms, cryptographic elements, etc.

In practice, programming such self-standing locks is a tricky operation,requiring specific and expensive equipment as well as previous learning,obliging most of time to appeal to a professional operator.

Those drawbacks are a significant brake to the deployment of suchself-standing lock devices.

In this respect, it would be desirable to have available a programmingmeans, which is simple to implement and which does not need a specificequipment, so that the programming can be made by simple operations,within the ability of everybody.

This would notably make it possible to develop residential applications,where the customers want to be able to program themselves the locks theyhave acquired, and/or to update these latter themselves without havingto appeal to a professional, in particular each time it is necessary tomodify the access rights or to create new ones.

One object of the invention is to propose a new method of programmingsuch locks, which can be easily implemented by means of a mobile phone,and in a manner simple enough to be within the ability of anon-professional master-user of average skill.

Another object of the invention is to propose a lock programming methodshowing a maximum security level, a very high flexibility ofimplementation, and which can be used with any pre-existing conventionalmobile phone, without the need for the master-user to use a particularprogramming device. The system of the invention will thus be immediatelygeneralizable and usable by everybody, with the security and theflexibility peculiar to the modern cryptographic methods.

The principle of the invention lies in the use of encrypted acousticaccreditations for programming the lock. Such acoustic accreditationsare, for example, in the form of a coded series of tones (DTMF tones orothers), emitted by the loudspeaker of an emitting device and picked upby the microphone of a receiving device.

In the case of the invention, such encrypted acoustic accreditations are“downward” accreditations, i.e. they come from a remote management siteand are transmitted to the mobile phone of the master-user. To use theaccreditation, the master-user brings his phone in the vicinity of thelock and triggers the emission of the series of tones corresponding tothe encrypted acoustic accreditation by the loudspeaker of his phone, sothat these tones can be picked up by a microphone incorporated in thelock or coupled thereto. The latter decodes the accreditation, checks itand, in case of compliance, programs or reprograms the access rights inits internal memory.

The use of acoustic accreditations is not new in itself and has alreadybeen proposed in other contexts and for other applications, for exampleby the WO 2008/107595 A2 (Tagattitude).

This document describes a method of securing the logical access to acomputer network by a remote terminal, for example by a computerconnected to this network via Internet. The user connects to the networkwith his computer and simultaneously powers up his phone and, by meansof the latter, calls a control site interfaced with the network to whichthe access is requested. To check the user's authorization, the networksends an audio signal (acoustic accreditation) to the remote computerthat has just connected, and this signal is reproduced by theloudspeaker of the computer. The user having placed his phone in frontof the loudspeaker, this audio signal is picked up by the phone,transmitted to the remote control site via the mobile phone networkoperator and “listened to” by the control site, which can then check theaccreditation and authorize the access to the computer network by theterminal. It will be observed that, in this case, it is an “upward”accreditation: the acoustic accreditation is picked up by the microphoneof the phone, which forwards it to the control site. Knowing therecipient of the phone call, the control site can identify the userthrough the mobile phone used for that operation, and thus authorize thelogical access to the network by the terminal located in the vicinity ofthe thus-identified phone.

More precisely, the present invention relates to a secured system forcontrolling the opening of lock devices, comprising, in a manner knownin itself: at least one lock device provided with electronic circuitsfor the conditional control of locking/unlocking mechanical membersbased on previously defined access rights; a mobile phone at thedisposal of a master-user; and a remote management site.

Characteristically of the invention, the remote management sitecomprises: a database of lock devices and authorized users with, foreach lock device, an associated unique identifier, a list of authorizedusers with corresponding access right data, and possibly additionaldata; and a generator of accreditation data, the accreditations beingencrypted acoustic accreditations in the form of single-use audiosignals, adapted for allowing the programming of the lock devices withthe access rights indexed in the database and/or with the additionaldata. Besides, the system comprises means for secured transmission ofsaid accreditation data from the management site to the mobile phone ofthe master-user, and the phone comprises an electroacoustic transducercapable of reproducing the acoustic accreditations. The lock devicecomprises an electroacoustic transducer capable of picking up theacoustic accreditations reproduced by the phone's transducer previouslyplaced in the vicinity of the lock device, as well as means forrecognizing, analyzing and authenticating the acoustic accreditationspicked up by the transducer, and performing a programming of the accessrights and/or of the additional data upon recognizing a compliantaccreditation.

The means for secured transmission of the accreditation data from themanagement site to the mobile phone of the master-user may comprisemeans for coupling this mobile phone with a computer terminal connectedto the management site, and/or a mobile network operator coupled to themanagement site and to the phone of the master-user.

Advantageously, for the generation of accreditation data to betransmitted to the phone, the management site may combine the accessright data peculiar to the authorized users with additional datapeculiar to the lock and obtained with the management site, and generatean acoustic accreditation that is a function of both said access rightdata and said additional data.

As an alternative or in addition, the phone may combine theaccreditation data transmitted by the management site with additionaldata inherent to the phone and obtained locally, and generate anacoustic accreditation that is a function of both said accreditationdata and said additional data. These additional data can in particularcomprise information of geographic location of the phone at the time ofthe programming operation, the lock device comprising accordingly meansfor memorizing the information of geographic location at the time ofprogramming, and subsequently comparing such information withinformation of geographic location of a user's phone at the time of anattempted opening of the lock device by this user.

According to various advantageous subsidiary characteristics:

-   -   the phone is capable of: previously to the reproduction of the        access right programming acoustic accreditations, reproducing a        specific session initiation accreditation adapted to switch the        lock device into a programming mode; and possibly, after the        reproduction of the programming acoustic accreditations,        reproducing a specific session closing accreditation adapted to        switch the lock device out of said programming mode;    -   the lock device comprises an electroacoustic transducer capable        of reproducing return acoustic signals, generated by the lock        device and coded with data peculiar to the lock device, and the        phone comprises an electroacoustic transducer capable of        picking-up said return signals, as well as means for decoding        the return signals and displaying, if need be, to the user, a        message based on data peculiar to the lock device, and/or for        transmitting to the management site the return signals coded        with the data peculiar to the lock device;    -   the phone comprises means for memorizing and updating a list of        lock devices already programmed and of lock devices not yet        programmed;    -   the system comprises means for conditioning the reproduction of        the acoustic accreditation by the phone's transducer to the        previous presentation of a personal validation data delivered by        the master-user to the phone.

In a first embodiment, the system comprises means capable of: checkingthe authorization of the master-user to perform a programming of thelock device; generating an acoustic accreditation by the generator ofthe management site; and transmitting said accreditation to the phone,for direct reproduction by the transducer of the latter previouslyplaced in the vicinity of the lock device's transducer.

In a second embodiment, the system comprises means capable of: checkingthe authorization of the master-user to perform a programming of thelock device; generating an acoustic accreditation by the generator ofthe management site; and activating an internal applet of the phone todownload said accreditation and memorize the latter in a memory of thephone; and, in a second time, activating the internal applet forreproducing the accreditation by the phone's transducer previouslyplaced in the vicinity of the lock device's transducer.

In a third embodiment, the phone contains an internal applet forming, incombination with a cryptographic key, a cryptographic generator. In thiscase, the accreditation data transmitted by the remote management siteto the phone is said cryptographic key, so as to allow, upon a requestfrom the master-user, the generation of the acoustic accreditation bythe internal applet and the reproduction thereof by the phone'stransducer previously placed in the vicinity of the lock device'stransducer.

In a fourth embodiment, the system comprises means adapted for: checkingthe authorization of the master-user to perform a programming of thelock device; generating an acoustic accreditation by the generator ofthe management site and converting said accreditation into an audiofile; transmitting said audio file to the phone for download andmemorization into a memory of the phone; and, in a second time,reproducing the audio file by the phone's transducer previously placedin the vicinity of the lock device's transducer.

Various exemplary embodiments of the invention will now be described,with reference to the appended drawings in which same reference numbersdesignate identical or functionally similar elements through thefigures.

FIG. 1 schematically illustrates the main elements contributing to theoperation of the system according to the invention;

FIG. 2 illustrates more precisely, as a block diagram, the main membersconstituting the mobile phone and the lock to which the latter iscoupled:

The principle of implementation of the invention will now be describedwith reference to FIGS. 1 and 2.

One of the essential elements of the invention is a secured managementsite 10 centralizing in a database DB 12 the information forinventorying and identifying a number of locks with the access rightdata associated therewith, comprising a list of authorized users with,for each one, the authorized access conditions: access restricted tocertain days or certain time slots, expiry date of an access right, etc.

In addition to the authorized users, the database also indexes for eachlock a Unique Identifier, UID, which is uniquely assigned and whichpermits to identify the lock univocally in the various data exchangeprotocols. The lock can also be identified by a free name (“front door”,“garage door”, “cave door”, etc.), in particular to facilitate theselection by a user of a lock among other ones, in the same way as alabel that would be attached to a conventional key.

Other data can also be stored in the database, in particular thealgorithms used by the lock, one or several cryptographic keys, etc.

The management site 10 also comprises a cryptographic motor forming agenerator 14 of accreditation data.

Characteristically of the invention, the “accreditation data”(credentials) are encrypted acoustic accreditations in the form ofsingle-use audio signals, for example (but in a non-limitative way)consisted of a succession of double DTMF tones. These audio signals aredesigned so that they can be conveyed by audio transmission channels andreproduced as such by acoustic transducers.

The programming of a lock firstly involves defining or updating in thedatabase DB the list of the authorized users with, for each one, thecorresponding access conditions. These different pieces of informationwill be communicated to the management site 10 by an authorized operator(hereinafter referred to as “master-user”) during an initial phase.

As will be explained latter, the programming may also involve, inaddition to determining access rights, updating other pieces ofinformation peculiar to the lock and relating to the operation thereof,such as: date and time, algorithm used for recognizing and decoding theacoustic accreditations, cryptographic key, and free name.

The input by the master-user of the lists of authorized users and thecorresponding access rights can be easily performed by means of amicro-computer 16 connected to the management site 10 by a securedconnection, for example an IP connection of the https type 18.

The use of a micro-computer 16 is however not essential, and themaster-operator can also input the data relating to the access rights bymeans of his mobile phone 20, the latter operating, during this initialphase, as a terminal connected to the remote management site 10 via amobile phone operator.

Once the various access right data are input and introduced into thedatabase 12, a corresponding lock 22 has to be programmed orreprogrammed with those access rights, and/or possibly with other piecesof information peculiar to the lock: date and time, algorithms,cryptographic key, free name, etc.

The basic principle of the invention consists in performing saidprogramming by making the loudspeaker of the mobile phone 20 of themaster-user reproducing, as an audio signal, an encrypted acousticaccreditation containing the various pieces of information required forthe programming, with the mobile phone 20 being brought in the vicinityof the lock 22 that comprises a microphone for picking up this encryptedacoustic accreditation.

The acoustic accreditations, generated by the cryptographic motor 14,can be sent to the mobile phone 20 via the network of the mobile phoneoperator, or MNO (Mobile Network Operator), 24, which is itself coupledto the management site 10 by a secured connection, for example an IPconnection of the https type, or simply through an audio phone gatewayPGW (Phone Gate Way) 26 making it possible to convey the acousticaccreditations from the generator 14 to the phone 20 by the audiotransmission channels (voice channel) of the mobile phone network. Thesecuring of the connection between the mobile network 24 and the mobilephone 20 may be operated through a Trusted Service Provider, or TSM(Trusted Service Manager), capable of efficiently and securely ensuringthe various hereinafter-described procedures of information exchange ordownload between the management site 10 and the mobile phone 20 of themaster-user, via the phone network operator 24.

As an alternative or in addition, the encrypted acoustic accreditationsmay be transmitted from the management site 10 to the phone 20 via themicro-computer 16, by appropriate coupling means 28 such as: wire (USBcable) or wireless (Bluetooth) connection, via an intermediate storagedevice (SD or MicroSD card, or USB dongle), or by acoustic couplingbetween the loud-speaker of the micro-computer and the microphone of themobile phone 20 (because the acoustic accreditations are in the form ofaudio signals).

FIG. 2 illustrates, as a block diagram, the main members of the mobilephone 20 and of the lock 22.

The phone 20 comprises a microcontroller 30 coupled to variousperipheral members such as emitting/receiving circuit 32, display 34,keyboard 36, data memory 38, UICC card (Universal Integrated CircuitCard, corresponding to the “SIM card” for the GSM phone functions) 40,and acoustic transducer 42.

The lock 22 comprises a microcontroller 44 as well as anelectromechanical system 46 for operating the unlocking of a slidingbolt or a handle 48 upon a command from the microcontroller 44. A datamemory 50 stores various modifiable data peculiar to the lock, inparticular:

-   -   the list of the authorized users, such users being each        univocally indexed by a Unique Identifier, UID, of a key        consisted of a portable object made available to the authorized        user, wherein such object can be—in a non-limitative way—a card        or a badge for wireless coupling with the lock (in particular of        the RFID type), or a radio or acoustic remote control, or a        mobile phone identified by its subscriber number;    -   for each user, the authorized access conditions (days or time        slots, expiry date of the access right . . . );    -   the lock unique identifier UID, which is a programmable        identifier, indexed in the database DB of the management site,        and which makes it possible to recognize univocally the lock        among all the others;    -   a free name (“front door”, “garage door” . . . );    -   recognizing and decoding algorithms;    -   cryptographic keys.

The lock comprises its own power supply means, in the form of a battery52, so as to be electrically autonomous. An external power supply ishowever possible.

Characteristically, the lock 22 is further provided with an acoustictransducer in the form of a microphone 54 for picking up the surroundingaudio signals, in particular the acoustic accreditation that will bereproduced by the loudspeaker 42 of the phone 20, and transforming thepicked up acoustic signals into electric signals applied to themicrocontroller 44 for decoding, checking and programming orreprogramming in the memory 50 the various above-mentioned modifiabledata.

Implementation of the Invention

Various operating modes for implementing the invention with thedifferent elements of the system just described will now be described.

Beforehand, if the lists of authorized users and access rights are notyet in the database DB of the management site 10, or if these data haveto be updated, the master-user (or another user accredited by thelatter) has to input and communicate them to the management site, by thefollowing successive steps:

-   1. Secured access (login+password) to the management site 10;-   2. Input of the lock UIDs and of the key UIDs of the authorized    users;-   3. If need be, input of the mobile subscriber numbers of the users    authorized to use a mobile phone to open the locks (or even    accredited for the programming);-   4. Possible allocation of abbreviated names of ports to the lock    UIDs and/or of abbreviated names of users to the key UIDs;-   5. Allocation of the access rights and conditions to the different    users;-   6. Validation of the previous inputs;-   7. If need be (see hereinafter), delivery by the management site of    the uplink call number(s) to be dialed by the master-user to program    each lock, wherein such information can also be sent to him by SMS,    MMS, e-mail or instantaneous messaging, etc.

When he wants to program or reprogram a lock, the master-user receivesfrom the management site 10 the data that must be written or updatedinto the memory 50 of the lock 22, via the micro-computer 16 and thecoupling 28, or directly via the mobile phone operator 24.

As described above, the data received from the remote management site 10can comprise, in addition to the access rights attached to eachauthorized user, a number of pieces of information peculiar to the lock,such as: algorithm used, cryptographic key, abbreviated name, etc. Theupdate can also relate to the date and time of the internal clock of themicro-controller 44, remotely from the management site 10.

The programming data can also comprise data that are peculiar to themobile phone 20 of the master-user, such as:

-   -   date and time, when such information are desired to be updated        from the mobile phone instead of from the management site 10;    -   the IMEI number that identifies uniquely the phone;    -   the identifier of the UICC card 40 (identifier of the SIM card);    -   possibly, geographic location information given the position of        the phone 20 at the time of programming (GPS coordinates if the        phone is equipped with this function, or approximate location        based on the network cell from which the phone emits).

To program the lock, the user places his phone 20 in front of the lock22 he wants to program and triggers the emission, as an audio signal, ofthe corresponding acoustic accreditation. This emission may also betriggered (as explained hereinafter) by simply answering or picking up adownlink call to the mobile phone of the master-user from the remotemanagement site.

The acoustic accreditation, picked up by the microphone 54 of the lock,is analyzed by the micro-controller 44 that, in case of compliance,performs the programming or the updating of the correspondinginformation in the memory 50.

The fact that the encrypted acoustic accreditation is a single-useaccreditation avoids any fraud by recording and duplicating theaccreditation.

A precaution for increasing the security consists in providing anadditional validation by the user, for example the input of a personalcode of the “PIN code” type before the delivery of the acousticaccreditation, or a validation of the biometric type, by means of abiometric reader incorporated in the phone or by a voice printrecognition system using the phone's microphone (wherein the specificbiometric print may be stored in the memory 38 of the phone, or in theUICC card 40, or in the database 12).

Advantageously, the lock 22 is provided with means for emitting inreturn an acoustic signal validating the good execution of theprogramming operation.

It is possible to use for that purpose the transducer 54 of the lock bymaking it operate in a reversed mode (emitting audio signals instead ofpicking them up), or to provide a specific transducer for reproducingaudio signals. The audio signal thus emitted by the lock will be pickedup by the microphone of the phone 20 and translated by an applet of thephone into an audio or visual message to the master-user to confirm (orinvalidate) the good execution of the programming. The applet may alsokeep a track of the locks that have been programmed and of those thathave not yet been programmed, for example by displaying a list of locks,to alert the master-user if he has forgotten to program some of them.

Advantageously, it is possible to benefit from the return of informationafter programming the lock to collect data memorized in the latter, orstate information such as low battery signal, need for maintenance,dysfunction, opening proof, etc. Such data or information may betranslated by the phone's applet into alert messages (“low battery”)displayed on the phone's display screen, such messages being repeated ifnecessary at regular intervals.

Moreover, these data or information will advantageously be able to besent toward the management site via the mobile network 24, thus takingadvantage of the establishment by the master-user of a downlinkconnection (from the management site to the lock) to return informationin the reverse direction (from the lock to the management site). Inother words, the master-user, when programming or reprogramming, becomesa source of information for the system. This way to operate is hereinparticularly advantageous because the locks are of the “stand alone”type, i.e. they operate fully autonomously without being connected toany local network that would permit it to exchange data or to transmitsome state or anomaly messages.

Advantageously, before performing the programming itself, the phone 20reproduces a specific session initiation accreditation, adapted toswitch the lock device into a programming mode different from its normaloperation. Once the programming is completed, another specific acousticaccreditation switches the lock out of the programming mode, back to itsnormal operating mode. This way to proceed is particularly advantageousto increase the security when the lock is acoustically controlled, i.e.the subsequent unlocking by an authorized user will be made by emissionof an encrypted acoustic accreditation, of similar nature than anacoustic accreditation having served for the programming.

Another improvement aims to avoid a fraud consisting in taking off analready-programmed lock to place it back, as such, at another site. Forthat purpose, the lock 22 memorizes the geographic location information(GPS coordinates or the like) of the phone 20 at the time the laterperforms the programming. The lock moreover comprises means forcollecting the geographic location information of the phone of the userthat will be subsequently considered as an authorized user, andcomparing these coordinates to those memorized at the time ofprogramming, and the opening will be authorized only if the informationmatch, within a given margin of error. In the absence of network or GPScover when the access is requested by the user, the location data usedwill be the most recent data obtained before the loss of contact, within this case a higher margin of error, defined by the administrator ofthe system.

Several ways by which the management site 10 can deliver theaccreditation to the mobile phone 20, in particular when this deliveryis made via the mobile operator network 24, will now be described.)

1°) In-Line Mode (Direct Delivery of the Accreditation)

When he desires to program the lock 22, the master-user contacts themanagement site 10 by any suitable means. This may be obtained bycalling a phone number, or by a method of the “call-back” type: in thiscase, the master-user contacts the management site by phone or by amessage (SMS, MMS, e-mail, instantaneous messaging, etc.); themanagement site does not answer immediately but, after the phone hasbeen hung up, it makes the mobile phone 20 ring so that the master-usercan once again establish the contact with the site (the number calledback by the management site being the subscriber number, indexed in thedatabase DB, of the master-user or of any user authorized by thelatter).

If the programming parameters have been previously defined as describedhereinabove, the master-user just needs to validate these parameters aswell as his mobile phone subscriber number with the management site 10.The simple answer of the management site to the call of the master-useror, in case of call back, the picking up by the latter, causes theimmediate and direct transmission of the encrypted acousticaccreditation authorization.

In this embodiment, whatever the way the user enters into contact withthe remote site, the latter delivers the acoustic accreditation directlyto the user, “in-line”, without intermediate storing.

This embodiment is particularly simple to implement, insofar as it justrequires the use of the existing infrastructure, without a previousadaptation of the phone, in particular without the need to load anapplet, notably of the midlet or cardlet type.

Hence, the invention can be implemented with any type of mobile phone,even a very simple one, and without any previous intervention on thelatter. Another advantage lies in the possibility to check in real timethe master-user's authorization. Moreover, with this in-line mode, it ispossible to have, at the management site, information about the use ofthe acoustic accreditation, in particular the date and time ofprogramming, and possibly the geographic location of this operation (byidentifying the network cell from which the master-user calls).

On the other hand, this mode requires having access to the mobilenetwork, which is not always possible (cellars, non-covered areas,etc.). Moreover, in principle, it does not make it possible to have, forselection by the user, several accreditations corresponding to severalpossible locks, insofar as it is necessary to have a “one-to-one” matchbetween accreditation and lock.

In case of a plurality of locks, it is possible to provide astep-by-step validation after each lock, or to use a different callnumber for each lock.

2°) Semi-in-Line Mode (Delayed In-Line Mode with Download)

This mode can be used in particular if the access to the network is notensured at the moment of use. In this case, the master-user connects inadvance to the management site and receives from the latter the acousticaccreditation corresponding to the lock he wants to program, or severalof these accreditations, in case of a plurality of locks to beprogrammed. These accreditations are securely stored in the phone or ina peripheral memory of the phone (for example an SD or MicroSD card).

Herein again, the previous contact with the management site 10 may beestablished either directly by sending to the site a request emitted bythe mobile phone of the master-user, or via a downlink message emittedby the remote management site to a subscriber number previouslyspecified by the master-user (or the number of any other user authorizedby the latter).

When the master-user wants to program a lock, he initiates an appletintegrated in his phone, which searches for the correspondingaccreditation among those that have been stored, reproduces it toprogram the lock, and cancels it from the memory. And so on, in order touse the following accreditations.

The application providing this implementation is an applet stored in thephone, previously sent to the latter by the mobile network operator, orby being downloaded on an external medium (SD or MicroSD card), or viaan Internet connection. In case of download via the mobile networkoperator, the management site will have beforehand sent a message, forexample of the “push SMS” or “WAP push” type, to the phone, in order toidentify the brand and model of the latter and to present to themaster-user a link for downloading the applet.

3°) Off-Line Mode

In this mode of implementation, the acoustic accreditations aregenerated locally, by the phone itself. For that purpose, the phonecontains an applet, in particular of the cardlet type (stored on theUICC card 40) or midlet type (stored in the memory 38 of the phone).Such applet is downloaded by any suitable means, in the same manner asthat used in the previous mode of implementation: download via themobile operator, via Internet, etc., or pre-loaded in the phone when thelatter is acquired.

The management site 10 sends “accreditation data” to the phone 20, suchdata being no longer the acoustic accreditation itself but acryptographic key stored in the UICC card 40 for reasons of security.The cryptographic key, combined with the applet, will provide acryptographic generator within the phone 20. When the master-userdesires to program a lock, he triggers the generation of the acousticgeneration by the internal applet and the reproduction thereof by thetransducer of his phone.

4°) “Attachment File” Mode

This mode of implementation is a variant of the semi-in-line mode.

The difference lies essentially in the fact that the accreditations arenot sent by the voice channel of the mobile phone network, but in theform of a file attached to a message of the e-mail, MMS or instantaneousmessage type.

The advantage of this solution is the use of the file download meanspre-existing in the phone, in particular with the phones comprisingelaborate functions of the “smartphone” type, and without the need topreviously download a specific applet, to store it in the phone and tomake it execute by the latter when needed. The file may also bedownloaded via the micro-computer 16 and the coupling 28 with the phone20.

The invention claimed is:
 1. A secured system for controlling theopening of lock devices, comprising: at least one lock device providedwith electronic circuits for the conditional control oflocking/unlocking mechanical members based on previously defined accessrights; a mobile phone at the disposal of a master-user; and a remotemanagement site; the system being characterized in that: the remotemanagement site comprises: a database of lock devices and authorizedusers with, for each lock device, an associated unique identifier and alist of authorized users with corresponding access right data; and agenerator of accreditation data, the accreditations being encryptedacoustic accreditations in the form of single-use audio signals, adaptedfor allowing the programming of the lock devices with the access rightsindexed in the database; the system comprises means for securedtransmission of said accreditation data from the remote management siteto the mobile phone of the master-user; the phone comprises anelectroacoustic transducer capable of reproducing said acousticaccreditations; the lock device comprises: electroacoustic transducercapable of picking up the acoustic accreditations reproduced by thephone's transducer previously placed in the vicinity of the lock device;and means for recognizing, analyzing and authenticating the acousticaccreditations picked up by the transducer, and updating the accessrights upon recognizing a compliant accreditation.
 2. The system ofclaim 1, wherein the means for secured transmission of the accreditationdata from the management site to the mobile phone of the master-usercomprise means for coupling this mobile phone with a computer terminalconnected to the management site.
 3. The system of claim 1, wherein themeans for secured transmission of the accreditation data from themanagement site to the mobile phone of the master-user comprise a mobilenetwork operator coupled to the management site and to the phone of themaster-user.
 4. The system of claim 1, wherein, for the generation ofaccreditation data to be transmitted to the phone, the management siteis capable of combining the access right data peculiar to the authorizedusers with additional data peculiar to the lock and obtained with themanagement site, and of generating an acoustic accreditation that is afunction of both said access right data and said additional data.
 5. Thesystem of claim 1, wherein the phone is capable of combining theaccreditation data transmitted by the management site with additionaldata inherent to the phone and obtained locally, and of generating anacoustic accreditation that is a function of both said accreditationdata and said additional data.
 6. The system of claim 5, wherein saidadditional data further comprise information of geographic location ofthe phone at the time of the programming operation, and the lock devicefurther comprises accordingly means for memorizing the information ofgeographic location at the time of programming, and subsequentlycomparing such information with information of geographic location of auser's phone at the time of an attempted opening of the lock device bythis user.
 7. The system of claim 1, wherein the phone is capable of:previously to the reproduction of the access right programming acousticaccreditations, reproducing a specific session initiation accreditationadapted to switch the lock device into a programming mode; and possibly,after the reproduction of said programming acoustic accreditations,reproducing a specific session closing accreditation adapted to switchthe lock device out of said programming mode.
 8. The system of claim 1,wherein: the lock device comprises an electroacoustic transducer capableof reproducing return acoustic signals, generated by the lock device andcoded with data peculiar to the lock device, and the phone comprises anelectroacoustic transducer capable of picking-up said return signals. 9.The system of claim 8, wherein the phone further comprises means fordecoding said return signals and displaying, if need be, to the user, amessage based on said data peculiar to the lock device.
 10. The systemof claim 8, wherein the phone further comprises means for transmittingto the management site said return signals coded with said data peculiarto the lock device.
 11. The system of claim 1, wherein the phone furthercomprises means for memorizing and updating a list of lock devicesalready programmed and of lock devices not yet programmed.
 12. Thesystem of claim 1, further comprising means for conditioning thereproduction of the acoustic accreditation by the phone's transducer tothe previous presentation of a personal validation data delivered by themaster-user to the phone.
 13. The system of claim 1, comprising meanscapable of: checking the authorization of the master-user to perform aprogramming of the lock device; generating an acoustic accreditation bythe generator of the management site; and transmitting saidaccreditation to the phone, for direct reproduction by the transducer ofthe latter previously placed in the vicinity of the lock device'stransducer.
 14. The system of claim 1, comprising means capable of:checking the authorization of the master-user to perform a programmingof the lock device; generating an acoustic accreditation by thegenerator of the management site; and activating an internal applet ofthe phone to download said accreditation and memorize the latter in amemory of the phone; and, in a second time, activating the internalapplet for reproducing the accreditation by the phone's transducerpreviously placed in the vicinity of the lock device's transducer. 15.The system of claim 1, wherein: the phone contains an internal appletforming, in combination with a cryptographic key, a cryptographicgenerator; the accreditation data transmitted by the remote managementsite to the phone is said cryptographic key, so as to allow, upon arequest from the master-user, the generation of the acousticaccreditation by the internal applet and the reproduction thereof by thephone's transducer previously placed in the vicinity of the lockdevice's transducer.
 16. The system of claim 1, comprising means capableof: checking the authorization of the master-user to perform aprogramming of the lock device; generating an acoustic accreditation bythe generator of the management site and converting said accreditationinto an audio file; transmitting said audio file to the phone fordownload and memorization into a memory of the phone; and, in a secondtime, reproducing the audio file by the phone's transducer previouslyplaced in the vicinity of the lock device's transducer.